{"vulnerability": "CVE-2018-0114", "sightings": [{"uuid": "fea0c0eb-c5fb-4d01-b7e2-1e14cc6b9d53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/11760", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1a\u9488\u5bf9JWT\u6e17\u900f\u5f00\u53d1\u7684\u6f0f\u6d1e\u9a8c\u8bc1/\u5bc6\u94a5\u7206\u7834\u5de5\u5177\uff0c\u9488\u5bf9CVE-2015-9235/\u672a\u9a8c\u8bc1\u7b7e\u540d\u653b\u51fb/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042\u7684\u7ed3\u679c\u751f\u6210\u7528\u4e8eFUZZ\uff0c\u4e5f\u53ef\u4f7f\u7528\u5b57\u5178/\u5b57\u7b26\u679a\u4e3e(\u5305\u62ecJJWT)\u7684\u65b9\u5f0f\u8fdb\u884c\u7206\u7834\nURL\uff1ahttps://github.com/z-bool/Venom-JWT\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2025-01-28T13:54:03.000000Z"}, {"uuid": "be706de2-d8a5-4ef7-8146-aaf8dc1b41f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "seen", "source": "https://gist.github.com/Darkcrai86/66d743a4a06a64a0ce6ebc2ade5b4402", "content": "", "creation_timestamp": "2025-09-22T13:05:04.000000Z"}, {"uuid": "04321b7f-83c4-4420-9322-168cf6d20ec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/12590", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1a\u6f0f\u6d1e\u9a8c\u8bc1\n\u63cf\u8ff0\uff1a\u9488\u5bf9JWT\u6e17\u900f\u5f00\u53d1\u7684\u6f0f\u6d1e\u9a8c\u8bc1/\u5bc6\u94a5\u7206\u7834\u5de5\u5177\uff0c\u9488\u5bf9CVE-2015-9235/\u672a\u9a8c\u8bc1\u7b7e\u540d\u653b\u51fb/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042\u7684\u7ed3\u679c\u751f\u6210\u7528\u4e8eFUZZ\uff0c\u4e5f\u53ef\u4f7f\u7528\u5b57\u5178/\u5b57\u7b26\u679a\u4e3e(\u5305\u62ecJJWT)\u7684\u65b9\u5f0f\u8fdb\u884c\u7206\u7834\nURL\uff1ahttps://github.com/kingjly/Directory-Traversal-Scanner\n\n\u6807\u7b7e\uff1a#\u6f0f\u6d1e\u9a8c\u8bc1", "creation_timestamp": "2025-02-05T19:34:25.000000Z"}, {"uuid": "46a01084-24d5-45d8-920b-0a653374ebd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "published-proof-of-concept", "source": "Telegram/xKQG92GAEvbSnroBQjDjZcbZhZYqgv_RfZJJxSMddxWbWNo", "content": "", "creation_timestamp": "2025-04-25T23:00:05.000000Z"}, {"uuid": "1f3eb93c-6448-46c8-83a4-c4fbb0d01643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "seen", "source": "https://t.me/pt_soft/21", "content": "The JSON Web Token Toolkit v2\n\n\ud83d\udc0d A toolkit for testing, tweaking and cracking JSON Web Tokens\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u044c\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n(CVE-2015-2951) alg=none\n(CVE-2016-10555) RS/HS256 public key mismatch\n(CVE-2018-0114) Key injection\n(CVE-2019-20933/CVE-2020-28637) Blank password\n(CVE-2020-28042) Null signature\n\n#json #jwt #jwt_tool #json_web_token", "creation_timestamp": "2023-08-02T10:00:03.000000Z"}, {"uuid": "0b08ade8-e752-4521-81cf-c441c3d24d65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "seen", "source": "https://t.me/pt_soft/12", "content": "The JSON Web Token Toolkit v2\n\n\ud83d\udc0d A toolkit for testing, tweaking and cracking JSON Web Tokens\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0432\u0430\u043b\u0438\u0434\u043d\u043e\u0441\u0442\u044c\n\u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043d\u0430 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438:\n(CVE-2015-2951) alg=none\n(CVE-2016-10555) RS/HS256 public key mismatch\n(CVE-2018-0114) Key injection\n(CVE-2019-20933/CVE-2020-28637) Blank password\n(CVE-2020-28042) Null signature\n\n#json #jwt #jwt_tool #json_web_token", "creation_timestamp": "2023-08-02T10:00:03.000000Z"}, {"uuid": "0d0f8d11-dfb2-4c05-8fc4-2a0d1a5db96e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0114", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/64", "content": "#exploit\nCisco vulnerabilities:\n\n1. CVE-2018-0101:\nCisco ASA SSL VPN Vulnerability\nhttps://github.com/1337g/CVE-2018-0101-DOS-POC\n]-> A low interaction honeypot for Cisco ASA component capable of detecting CVE-2018-0101, a DoS/RCE vulnerability\nhttps://github.com/Cymmetria/ciscoasa_honeypot\n\n2. CVE-2018-0114:\nVulnerability in Cisco node-jose library <0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token\n]-> https://github.com/zi0Black/POC-CVE-2018-0114\n]-> https://github.com/Logeirs/CVE-2018-0114\n]-> https://github.com/adityathebe/POC-CVE-2018-0114\n\n3. CVE-2018-0208:\nVulnerability in web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a XSS attack against a user of the web-based management interface of the affected service\nhttps://github.com/dima5455/Cve-2018-0208", "creation_timestamp": "2024-10-11T07:45:56.000000Z"}]}